[Nix-dev] hydra & signing
Vladimír Čunát
vcunat at gmail.com
Tue Feb 22 23:11:50 CET 2011
Hi.
On 19 February 2011 08:00, Yury G. Kudryashov <urkud+nix at ya.ru> wrote:
> Is it hard to let hydra sign .nar archives? If hydra-created .nar archives
> will be signed, a user without root access (hence, without priveledges to do
> nix-channel --update) will be able to download & nix-store --import these
> nars.
Yes, I believe this is the way to go in future. Administator should
only be required to list the allowed substitution sources. I don't
think it'll be difficult to make hydra sign the archives and make the
substitute script check them. If you're interested in it, you can try
to implement it. I doubt anyone would object to such a feature.
Vlada
More information about the nix-dev
mailing list